| Skyler Grey | f7eb4ae | 2024-05-06 12:38:44 +0000 | [diff] [blame] | 1 | { |
| 2 | networking.nat = { |
| 3 | enable = true; |
| 4 | internalInterfaces = ["ve-aux-wikijs"]; |
| 5 | externalInterface = "enp1s0"; |
| 6 | }; |
| 7 | |
| 8 | containers.aux-wikijs = { |
| 9 | autoStart = true; |
| 10 | privateNetwork = true; |
| 11 | |
| 12 | hostAddress = "10.0.101.1"; |
| 13 | localAddress = "10.0.101.2"; |
| 14 | |
| 15 | config = { config, pkgs, lib, ... }: { |
| 16 | services.wiki-js = { |
| 17 | enable = true; |
| 18 | |
| 19 | settings = { |
| 20 | bindIP = "0.0.0.0"; |
| 21 | port = 1024; |
| 22 | |
| 23 | db = { |
| 24 | host = "127.0.0.1"; |
| 25 | user = "wiki"; |
| 26 | pass = "internalonly"; |
| 27 | }; |
| 28 | }; |
| 29 | }; |
| 30 | |
| 31 | system.stateVersion = "22.11"; |
| 32 | |
| 33 | services.postgresql = { |
| 34 | enable = true; |
| 35 | ensureDatabases = [ |
| 36 | "wiki" |
| 37 | ]; |
| 38 | ensureUsers = [ |
| 39 | { |
| 40 | name = "wiki"; |
| 41 | ensureDBOwnership = true; |
| 42 | } |
| 43 | ]; |
| 44 | }; |
| 45 | |
| 46 | systemd.services.postgresql.postStart = '' |
| 47 | $PSQL -tAc "ALTER USER wiki PASSWORD 'internalonly';" |
| 48 | ''; |
| 49 | |
| 50 | networking = { |
| 51 | firewall = { |
| 52 | enable = true; |
| 53 | allowedTCPPorts = [ 1024 ]; |
| 54 | }; |
| 55 | # Use systemd-resolved inside the container |
| 56 | # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 |
| 57 | useHostResolvConf = lib.mkForce false; |
| 58 | |
| 59 | nameservers = [ "1.1.1.1" "1.0.0.1" ]; |
| 60 | }; |
| 61 | }; |
| 62 | }; |
| 63 | } |